By Huw JonesEditing
LONDON (Reuters) – Britain’s financial watchdog said on Friday it had fined consumer credit rater Equifax Ltd 11 million pounds ($13.4 million) for its role in “one of the largest” cyber-security breaches in history.
The Financial Conduct Authority (FCA) said that in 2017 Equifax’s parent company, Equifax Inc in the United States, was subject to one of the biggest cybersecurity breaches in history, when the personal details of as many as 147.9 million U.S. consumers were accessed during the hack.
The FCA said the hackers could also access the personal data of 13.8 million UK consumers because the data was stored on company servers in the United States.
Equifax Ltd had outsourced data such as names, dates of birth, the company membership login details, partially exposed credit card details and addresses.
“The cyberattack and unauthorised access to data was entirely preventable,” the FCA said in a statement, adding that it exposed UK consumers to the risk of financial crime.
The company said on Friday it has cooperated fully with the FCA throughout the long-running investigation.
“Since the cyberattack against our company six years ago, we have invested over $1.5 billion in a security and technology transformation,” said Patricio Remon, president for Europe at Equifax.
“Few companies have invested more time and resources than Equifax to ensure that consumers’ information is protected,” Remon said.
The FCA said the UK arm of Equifax did not find out that consumer data had been accessed until six weeks after the parent company discovered the hack, the FCA said.
“There were known weaknesses in Equifax Inc’s data security systems and Equifax failed to take appropriate action in response to protect UK customer data,” it said.
Equifax’s fine was discounted after it agreed to resolve the matter and cooperate to a high level with the watchdog, the FCA said.
Britain’s Information Commissioner’s Office fined Equifax Ltd 500,000 pounds in 2018.
($1 = 0.8191 pounds)